CentOS 6.5 Openstack Icehouse 安裝指南 -3 身份認證 keystone

controller:

 

# yum install openstack-keystone python-keystoneclient

 

# openstack-config --set /etc/keystone/keystone.conf \
   database connection mysql://keystone:keystonepw@controller/keystone

 

$ mysql -u root -p
mysql> CREATE DATABASE keystone;
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
  IDENTIFIED BY 'keystonepw';
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
  IDENTIFIED BY 'keystonepw';
mysql> exit

 

# su -s /bin/sh -c "keystone-manage db_sync" keystone

 

# ADMIN_TOKEN=$(openssl rand -hex 10)
# echo $ADMIN_TOKEN

87bd130fbcf99521cd95 #這是隨機產生的值,你的輸出會不一樣,沒關係;請記下來後面要用。這個 token 等同管理員憑證,不要外洩。


# openstack-config --set /etc/keystone/keystone.conf DEFAULT \
   admin_token $ADMIN_TOKEN

 

# keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
# chown -R keystone:keystone /etc/keystone/ssl
# chmod -R o-rwx /etc/keystone/ssl

 

# service openstack-keystone start
# chkconfig openstack-keystone on

 

下面這個是用 cron 每小時刪除過期 token 的設定,我沒有做。不設定的話,過期的 token 會一直累積在資料庫裡。

# (crontab -l -u keystone 2>&1 | grep -q token_flush) || \
echo '@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1' >>  /var/spool/cron/keystone

 

$ export OS_SERVICE_TOKEN=ADMIN_TOKEN

###把這個 ADMIN_TOKEN 換成剛纔產生的值(本例為 87bd130fbcf99521cd95)。等號後面不能有空格,否則 OS_SERVICE_TOKEN 會被設成空值。

$ export OS_SERVICE_ENDPOINT=http://controller:35357/v2.0

 

$ keystone user-create --name=admin --pass=adminpw --email=ADMIN_EMAIL   #ADMIN_EMAIL 為佔位符(原文的信箱地址在擷取時被遮蔽),請換成實際的信箱

$ keystone role-create --name=admin

$ keystone tenant-create --name=admin --description="Admin Tenant"

$ keystone user-role-add --user=admin --tenant=admin --role=admin

$ keystone user-role-add --user=admin --role=_member_ --tenant=admin

 

$ keystone user-create --name=demo --pass=demopw --email=DEMO_EMAIL   #DEMO_EMAIL 為佔位符(原文的信箱地址在擷取時被遮蔽),請換成實際的信箱

$ keystone tenant-create --name=demo --description="Demo Tenant"

$ keystone user-role-add --user=demo --role=_member_ --tenant=demo

$ keystone tenant-create --name=service --description="Service Tenant"

 

$ keystone service-create --name=keystone --type=identity \
  --description="OpenStack Identity"

$ keystone endpoint-create \
  --service-id=$(keystone service-list | awk '/ identity / {print $2}') \
  --publicurl=http://controller:5000/v2.0 \
  --internalurl=http://controller:5000/v2.0 \
  --adminurl=http://controller:35357/v2.0

$ unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT

 

$ keystone --os-username=admin --os-password=adminpw \
  --os-auth-url=http://controller:35357/v2.0 token-get

 

$ keystone --os-username=admin --os-password=adminpw \
  --os-tenant-name=admin --os-auth-url=http://controller:35357/v2.0 \
  token-get

 

$ vi admin-openrc.sh   #寫入以下四行;此檔含明文密碼,建議執行 chmod 600 admin-openrc.sh 限制讀取權限

export OS_USERNAME=admin
export OS_PASSWORD=adminpw
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://controller:35357/v2.0

$ source admin-openrc.sh

 

$ keystone token-get

 

# keystone user-list

# keystone user-role-list --user admin --tenant admin

但願你還沒有出錯。
